
const crypto = require('crypto');
exports.main = async (event, context) => {
	// event为客户端上传的参数
	console.log('event : ', event);
	const secret = '1234'; // 自己的密钥不要直接使用示例值，且注意不要泄露
	const hmac = crypto.createHmac('sha256', secret);

	const params = event.queryStringParameters;
	const sign = params.sign;
	delete params.sign;
	const signStr = Object.keys(params).sort().map((key) => {
	  return `${key}=${params[key]}`;
	}).join('&');

	hmac.update(signStr);

	  if (sign !== hmac.digest('hex')) {
	    throw new Error('非法访问');
	  }
	  const {
		  access_token,
		  openid,
		} = params;
		const res = await uniCloud.getPhoneNumber({
		  provider: 'univerify',
		  appid: '__UNI__2032A71', // DCloud appid
		  access_token,
		  openid,
		});
		// 返回手机号给自己服务器
		return res;
};
